It's hard to lure hacker fighters from the lucrative private sector to the government, but once they join the State Department, they typically stay, a top department cyber official says.

Dangling cash incentives helps.

"At the State Department, the good news is when we get good people we can generally keep them," said Pete Gouldmann, director of information risk programs in State's Office of Information Assurance. "And that’s because we employ a retention bonus program that a lot of agencies don’t do. We pay our folks pretty highly for the talent that they bring in. However, it’s still a challenge to get into the State Department because you have to have the abilities to begin with. It’s great that we can retain people. We’d like to get more than we have."

The special wages are a percentage of salary, either 9 percent or 14 percent, and are distributed every pay period, according to State officials. To qualify, professionals must earn additional information technology certifications. Certifications are not free, but the extra income may cover most associated expenses.

Asked for details about the incentives, State officials insisted they are not "bonuses."

"Let us clarify that we do not consider our Special Incentive Pay (SIP), which Mr. Gouldmann was referring, to be a retention bonus," State spokesman Steve Aguzin said in an email. He described the program, which launched in 1999, as a “catalyst for skills improvement within the IT competencies.”

It is an effort to update and hone IT employee skills so they can handle the latest technologies and meet ever-changing departmental needs. Every two years, "recipients must take continuing education IT courses or formally update their certifications with that industry to keep their SIP current, otherwise their SIP pay is suspended," Aguzin said. Most personnel get their licenses using their own time and money.

Certification exams endorsed by the government, which are administered by credentialing firms such as (ISC)², SANS and CompTIA, generally cost between $500 and $1,000 and require annual maintenance charges.

Gouldmann was speaking at a recent Washington area government cyber leadership event, along with other computer security managers who are facing staffing shortages and salary restrictions.

Transportation Security Administration Deputy Chief Information Officer Jill Vaughan said losing her cyber employees is a major fear. "I think one of the things that keeps me up at night is just the workforce in general," she said. "Trying to keep those folks at TSA when I know they can go to a lot of different places is a tough thing to wake up to every day."

Figuring out ways to engage the workforce "and keep people happy, whether that’s making sure they have the certifications that they want or need -- whatever kind of gets that person going -- I think is a constant struggle," Vaughan said. Her focus is on maintaining morale despite fiscal constraints and other organizationwide predicaments.

According to the Office of Personnel Management, the government's human resources division, any agency can give a retention incentive to a current employee who is uniquely qualified or highly needed and would otherwise leave public service. The most recent report to Congress on the use of these bonuses, for 2009, indicates IT managers are among the primary beneficiaries. That year, the extra wages were crucial to holding on to a Labor Department chief information security officer who likely would have left, OPM officials said.

At the United States Agency for International Development, the bonuses helped improve job performance, morale and USAID IT infrastructure, the report said. About 890 retention bonuses were handed out to IT supervisors governmentwide in 2009, worth a combined $10.3 million. Other top earners included medical officers, who took home $19.7 million total, and nurses, who received $12.2 million. The study did not break out information security occupations.

The bonuses seem to have fended off at least some industry recruiters. "Retention incentives have stemmed the loss of telecommunications employees and IT staff, particularly to defense contractors," the 2009 OPM report stated.
